[question]bd Is 2008 Firewall/traffic

Hi mihai_romanian,

Antivirus:BD internet security 2008

Ok i got some question regarding the Traffic tab and svchost.

First of all why would svchost.exe need to connect to the internet and should i deny them access?

svchost.exe is the part of Windows which is running most of the System Services (not all Services, but most of them).

Some of those services might need access to the network, like DHCP Client service, DNS Client service, Computer Browser service, etc... all these, as you can imagine, need access to the network. And that's why svchost.exe would need to connect to the internet.

Why would you block svchost from accessing the internet? Because it might be used by different malware. You could easily be tricked by the name and allow it access. That's why BitDefender has default rules to allow access only for the ports that could be used by svchost and to block access to ports that svchost shouldn't use in normal conditions.

What ports are safe to allow for "unknonwn exe-s that want access to the net?

A very simple answer: NONE. If an application wants to access the internet and you have no clue what that application is, what it wants and where did it come from, block it until you find out what it is.

And my final question would be:why is one of my svchost.exe using as much as 92% CPU load during a full system scan for example?A trojan maybe?

No, it's not a trojan.

In the latest version, BD2008, all the scanning is made by a service called Threat Scanner. This service, like many others, is run by svchost.exe. This is the reason why svchost.exe uses a lot of resources during a system scan: because, in fact, BitDefender is using those resources.

Cris.

You're welcome, mihai_romanian.

If you have any other questions, don't hesitate to post.

Cris.